hacking unpacked

Bug Bounty resources

Bug bounties look fancy after reading all those public reports and PoCs. Most people think it is the easiest part-time job in the world, but this is not true. Like most jobs out there, it requires hard work, dedication, creativity and lots of patience.

I started my infosec journey back in my summer break of 2012 (July), got a Microsoft acknowledgment (my first acknowledgment) in December 2012, and my first bounty came from Asana in September 2013.

There were fewer public programs back then; now we have almost 1000+ public programs with huge worldwide competition. It might be frustrating for a novice, but with creativity and patience it can be done. I get almost 4-5 messages on my social accounts asking “How to get started”, so here is a list of resources that can be helpful.

You should have a basic understanding of “how the web and browsers work”, knowledge of one web scripting language (JS/PHP or any programming language with a web framework) and, of course, “common sense”.

Books:

The Web Application Hacker’s Handbook, second edition [Amazon India Link]: This book is recommended by everyone in the security community. Written by the creator of Burp Suite, it has lots of hands-on content and covers almost everything related to web security. This book alone is more than enough to get started.